Nextpertise a journal of interesting technical ideas . . .

DNS on Ubuntu

by Brent Stewart on Tuesday, Aug 31, 2021

Continuing from my previous post, I have recently rebuilt my server infrastructure at home, migrating from VMWare to Proxmox VE. I’m still getting the hang of Proxmox, although I’m feeling favorable towards it so far. In the meantime, I wanted to document some of the little pieces to setting up a home network. This time I’ll provide a walk through of a simple local DNS server. My goal at home is to create a “stewart.lan” network that I can use to reference local resources.

Like the Apache server I built last time, this server is running Ubuntu 21.04 Server and my instructions are written from that perspective. Some commands may change as you move to non-Debian distributions or with different versions. Installation of DNS services is done with bind9.

sudo apt update
sudo apt install bind9
sudo ufw allow 53
sudo ufw allow 53/udp

Once the service is installed, bind configuration files are found in /etc/bind. In my configuration there are five files that I modified or created: the service configuration file named.conf which loads in named.conf.local and named.conf.options.

root@webnamer:/etc/bind# cat named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";

###

root@webnamer:/etc/bind# cat named.conf.local
//
// Do any local configuration here
//
zone "stewart.lan" {
    type master;
    file "/etc/bind/forward.stewart.lan";
    allow-query { any; };
};

###

root@webnamer:/etc/bind# cat named.conf.options 
acl internal-network {
    192.168.24.0/22;
    localhost;
    localnets;
};
options {
    directory "/var/cache/bind";
    forwarders {
	    192.168.26.53;  //this server
	    208.67.222.222; //OpenDNS1
	    208.67.220.220; //OpenDNS2
	    8.8.8.8;        //Google DNS1
	    8.8.4.4;        //Google DNS2
    };
    allow-query { internal-network; };
    allow-query-cache { internal-network; };
    allow-recursion { internal-network; };
    allow-transfer { none; };
    allow-update { none; };
    dnssec-validation yes;
    auth-nxdomain no;
    recursion yes;
    notify no;
    listen-on { any; };
    listen-on-v6 { none; };
};

Anytime DNS config files are changed the system will need to be restarted.

systemctl restart named

With these files in place recursive lookups (like google.com) should be working. This can be tested by changing DNS on a machine, or by using dig or nslookup. Dig accepts arguments for the DNS server to use, the domain to be queried, and the type of record (by default A) to be returned. In the example below, the server and the domain to be returned are specified. NSLookup is a similar command that queries DNS servers. In the example below, the server command tells it to connect to the new server and then the “www” is a query for a record (haven’t gotten to the local zone setup yet).

root@webnamer:/etc/bind# dig 192.168.26.3 stewart.lan

; <<>> DiG 9.16.8-Ubuntu <<>> stewart.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35138
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1b490288965657d7010000006131687c06bba43e1f56fdbc (good)
;; QUESTION SECTION:
;stewart.lan.			IN	A

;; AUTHORITY SECTION:
stewart.lan.		604600	IN	SOA	localhost. root.localhost. 6 604820 86600 2419600 604600

;; Query time: 0 msec
;; SERVER: 192.168.26.53#53(192.168.26.53)
;; WHEN: Thu Sep 02 20:12:44 EDT 2021
;; MSG SIZE  rcvd: 118

root@webnamer:/etc/bind# nslookup
> server 192.168.26.53
Default server: 192.168.26.53
Address: 192.168.26.53#53
> www
Server:		192.168.26.53
Address:	192.168.26.53#53

> 

If there are problems at this point this point, use named-checkconf to review the configuration files for errors. By default, named logs can be reviewed with tail /var/log/syslog as well.

A forward lookup zone (which matches names to numbers) needs to be created if we want a local zone. My house is named stewart.lan, but any name is fine with the caveat that collisions with valid public name spaces should be avoided. A forward lookup zone is a text file similar to the one below. Note that this file was referenced in the named.conf setup. A records link names to IPs. CNAMEs are alias records.

brent@webnamer:/etc/bind$ cat forward.stewart.lan
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                            6         ; Serial
                        604820         ; Refresh
                        86600         ; Retry
                        2419600         ; Expire
                        604600 )       ; Negative Cache TTL
;
;Name Server Information
@       IN      NS      ns.stewart.lan.

;IP address of Your Domain Name Server(DNS)
ns IN       A      192.168.26.53

;A Record for Host names
gw     IN       A       192.168.26.1
ns	IN	A	192.168.26.53
pop	IN	A	192.168.25.7
print	IN	A	192.168.24.17
oldprint	IN	A	192.168.24.11
server	IN	A	192.168.26.9
proxmox	IN	A	192.168.26.10
library	IN	A	192.168.26.11


;CNAME Record
www	IN	CNAME	ns.stewart.lan.
dav	IN	CNAME	ns.stewart.lan.
newprint	IN	CNAME	print.stewart.lan.
pve	IN	CNAME	proxmox.stewart.lan.
webnamer	IN	CNAME	ns.stewart.lan

This setup doesn’t show the reverse lookup zone (24.168.192.in-addr.arpa), but that can be built easily and added if needed. Reverse zones link numbers to names and are used for authentication usually. With DNS setup and the forward zone in place, we should be able to ping by name (link printer.stewart.lan). If there are problems, use named-checkzone to confirm that the format of your zone file is correct.



References:
  

Recent articles related to these tags: Linux Bind DNS
Share this article:    Tweet